Russian secret services' tactics used in cyberattack on Ukrainian Railways

Alyona Kyrychenko, Tuesday, 1 April 2025, 14:46
The train of the Ukrainian railways. Photo: Getty Images

Tactics, techniques and procedures typical of the Russian secret services were employed during a recent cyberattack on Ukrzaliznytsia (Ukrainian Railways).

Source: Yevheniia Nakonechna, Head of the State Cyber Protection Centre, part of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP)

Quote: "Experts from the Government Computer Emergency Response Team of Ukraine (CERT-UA), operating within the State Cyber Protection Centre of the SSSCIP, determined during the incident investigation that the attack employed tactics, techniques and procedures (TTPs) characteristic of Russian intelligence services. Furthermore, the cybercriminals utilised unique malware specifically designed with the attacked infrastructure’s specifics in mind. The execution of such a cyberattack required significant resources for preparation," she said.

Nakonechna noted that the planning and implementation of such a cyberattack would have required significant resources.

She also emphasised that the cyberattack on Ukrzaliznytsia, which serves millions of Ukrainians, can be equated to an act of terrorism.

Background:

  • On 23 March, Ukrzaliznytsia's online systems suffered a large-scale targeted cyberattack. Tickets were sold through ticket offices at railway stations.
  • On 27 March, Ukrzaliznytsia's online sales system was restored in a backup format for refunds and purchases of new train tickets.
  • On 30 March, Ukrzaliznytsia restored two more online services following the large-scale cyberattack. The Ukrzaliznytsia app and website now offer discounts for disabled people again, and online departure boards from all railway stations are now available in the app.
  • Ukrzaliznytsia has assured passengers that no military or personal information was leaked during the cyberattack, as it is not stored on their system.
  • Ukrzaliznytsia CEO Oleksandr Pertsovskyi said it could take anywhere from 4-6 weeks to several months to fully restore all systems.

